At a glance.
- GDPR breach at Trinity College Dublin?
- Evil maid snoops into patient information.
- Colorado neurosurgery clinic sustains a breach.
- Summary of significant HIPAA violations.
Irish student group breaches GDPR.
Trinity College Dublin Students’ Union (TCDSU) was found in violation of the EU’s General Data Protection Regulation (GDPR) twice in the past month, University Times reports. Details of one breach are unclear, as it was handled internally, but the other involves a class representative using email addresses obtained through the union’s Slack channel to distribute details about a campaign involving a group called Students4Change, an independent activism organization. The representative at fault apologized and the Union’s Oversight Commission (OC) was notified of the incident. He explained that the email addresses of Union Members are publicly accessible, but that he was wrong to contact them about the campaign unsolicited. TCDSU Communications and Marketing Officer Aoife Cronin said that the incident highlights the need for a Union-specific GDPR policy, the creation of which had been mandated previously but was never completed.
Healthcare data exposed by New York hospital employee.
Huntington Hospital, located in the state of New York, has begun notifying 13,000 potentially impacted patients about a recent data breach. CBS Local New York reports that a night shift worker allegedly accessed electronic medical records improperly. The incident occurred between October 2018 and February 2019, after which the guilty party was fired and charged with a Health Insurance Portability and Accountability Act violation.
US neurosurgery clinic suffers breach.
Colorado-based medical practice Boulder Neurosurgical & Spine Associates (BNA) has disclosed a September data breach that potentially exposed personal customer data including names, dates of birth, and medical records. In a news release, BNA states that upon discovering the breach it quickly secured the system and enlisted a third-party forensic firm to investigate. BizWest explains that it’s still unclear if the data was exfiltrated, and if so, how many individuals were affected.
HIPAA “wall of shame” reveals the biggest healthcare breaches of 2021.
The US Health Information Technology for Economic and Clinical Health Act (HITECH) and HIPAA require covered entities to report data breaches exposing the private health information of five hundred or more individuals to the US Department of Health and Human Services’ Office for Civil Rights (OCR). As 2021 draws to a close, OCR’s publicly available breach portal shows that more than five hundred fifty incidents have been reported this year, impacting a total of over 40 million individuals. HealthITSecurity offers info on the top ten breaches of the year, noting that all were hacking or IT incidents, and that ransomware attacks continue to plague the healthcare sector. The breach with the greatest number of impacted individuals was the January cyberattack on health plan Florida Healthy Kids Corporation, compromising the data of 3.5 million insurance applicants. Runners-up include 20/20 Eye Care Network, where an Amazon Web Services environment leak led to the exposure of the data of 3,253,822 individuals, followed by Forefront Dermatology, where a network intrusion impacted 2,413,553 patients and staff.